IEC 61511 Requirements — Clause 8

A hazard and risk analysis shall be carried out on the process and its associated equipment. It shall result in:

1. a description of each identified hazardous event and the factors that contribute to it (including human errors);
2. a description of the consequences and likelihood of the event;
3. consideration of conditions such as normal operations, start up, shutdown, maintenance, upsets, ESD;
4. the determination of requirements for additional risk reduction necessary to achieve the required safety;
5. a description of the measures taken to reduce or remove hazards and risk;
6. a description of the assumptions made during the analysis of the risks, including probable demand rates and equipment failure rates, and any credit taken for operational constraints or human intervention;
7. allocation of the safety functions to layers of protection, taking into account the impact of common cause failures between safety layers;
8. identification of those safety functions applied as SIFs.

Process Hazard Study 1

* Identify hazards associated with the process.
* Identify major environmental problems and assess suitability of proposed sites.
* Criteria for hazards, authorities to be consulted, standards and regulations, codes of practice.
* Collect/review information on previous hazardous incidents.

Also known as: Concept and definition phase hazard study or Screening Level Risk Analysis (SLRA)

Process Hazard Study 2

* Examine plant items and equipment on process flow sheet and identify significant hazards
* Identify areas where redesign is appropriate
* Assess plant design against relevant hazard criteria
* Prepare environmental impact assessment

Hazard 1 Study Data

Flow sheet or Equipment Diagrams

Role players

Plan a systematic search for specific chemical/physical hazards against flow diagrams

Control block Diagrams

Select operational blocks for study.
Apply keywords from a guide diagram using a sequence of questions.
For each hazard carry out assessment of consequences and frequency.
Decide layers of protection. Record results in a chart form.

* Identification of critical hazards and design constraints
* Hazard summary table
* Risk assessment listing and requirements for risk reduction
* Confirmation or modification of overall control systems
* Identification of layers of protection
* List of items requiring further action or study
* Major project decisions

Measures to prevent or eliminate causes

Measure                                         Reduce hazard due to
Pressure/temperature reduction in process       High energy levels, stresses
Minimize equipment, piping, seals and joints    Leaks
Design for containing maximum pressure          Rupture/bursting
Provide pressure relief system                  Rupture/bursting
Location/layout/spacing                         Interactions/confined spaces
Operational alarms                              Wrong operating conditions
Automatic protection systems (SIS)              Wrong operating conditions, dependency on human response

Measures to mitigate or reduce consequences

Measure                                                       Mitigate consequences of
Containment/bunding/safe disposal                             Uncontrolled dispersion, contamination
Rapid leak detection                                          Leaks leading to gas cloud/liquid pool
Rapid fire detection                                          Runaway fire
Control room/occupied buildings design for pressure shocks    Injury to occupants
Toxic refuge (gas safe room)                                  Toxic vapour exposure
Fire protection/dispersion aids — water jets                  Spread of fire
Fire fighting facilities                                      Uncontrolled fire
Off site vent/relief discharges                               Uncontrolled emissions
Isolation of stages and units                                 Migration of fires; feeding of fires from other units
Emergency procedures                                          Uncontrolled responses; chaotic evacuation
Emergency shutdown systems                                    Slow response to hazardous event; dependency on human factors

Process Hazard study level 3

* Critical examination of plant operations on completed design
* Identifies detailed hazard, control and operability problems
* Reviews existing safety measures
* Often uses Hazard and Operability study (HAZOP) method
* Should be completed before detailed design/procurement begins


ProSalus Limited
ProSalus Ltd 2011
Functional Safety Engineering
Copyright: ProSalus Functional Safety Engineering

Overall HAZOP Study procedure

1. Definition Phase: scope and objectives; responsibilities; select team.
2. Preparation Phase: plan; collect data; choose recording method; estimate time required; arrange the schedule.
3. Examination Phase: divide system into elements; examine element for deviations from design intent; identify possible deviations, cause, consequences, protection needs; agree actions; repeat for each element.
4. Reporting and Follow-up Phase: record on worksheets; sign off records; produce report; follow up actions; restudy where needed; issue final report.

[Figure 3.8: process diagram with labels Steam, Catalyst Drum, Fuel gas, HP Separator, Product Tk, Reactor. Parameter: PRESSURE, Deviation: LESS]

Systematic Line by Line Study

* Obtain a description of the intended normal modes of operation from the designer.
* Apply a series of prompts using keywords to stimulate thinking by the whole team about deviations from normality.
* Record those deviation conditions that are possible and are likely to have a significant consequence in terms of hazards or damage to the plant or severe loss of production.
* Record the corresponding actions required of the design team or the plant management as appropriate.

Causes and consequences

Guide Word, Deviation, Possible Deviation, Causes, Consequences

* Is the deviation possible? Yes or No
* What are the causes?
* How often will the deviation occur? (frequency)
* What are the consequences?
* How serious are the consequences? (severity)
* What safeguards exist to either prevent the deviation or protect against the consequences?
* Is the situation acceptable? (Risk)
* What should be done to prevent or protect against the event? Recommendations, actions
* By whom? (Nominate a person in the team)

Change Path Concepts

Condition 1 --> Chemical Reaction --> Condition 2
Condition 1 --> Manual Task --> Condition 2
Condition 1 --> Batch Sequence Step --> Condition 2

Generating deviations

Basic Guidewords

Guideword                 Meaning
NO or NOT (or none)       None of the design intent is achieved
MORE (more of, higher)    Quantitative increase
LESS                      Quantitative decrease
AS WELL AS (more than)    Qualitative modification or additional activity occurs
PART OF                   Only some of the design intent is achieved.
REVERSE                   Logical opposite of design intent
OTHER THAN                Complete substitution — another activity takes place.

Example of Derived Guidewords for Process Studies

Parameter        Guidewords that can give a meaningful combination
Flow             None; more of; less of; reverse; elsewhere; as well as.
Temperature      Higher; lower.
Pressure         Higher; lower; reverse.
Level            None; higher; lower.
Mixing           Less; more; none.
Reaction         Higher (rate of); lower (rate of); none; reverse; as well as.
Phase            Other; reverse; as well as.
Composition      Part of; as well as.
Communication    None; part of; more of; less of; other; as well as.

Creating Deviations

Combining guidewords with elements generates deviations, some of which are credible and some of which are not.

Guideword + Element ==> Possible Deviation

The multi-disciplined (Process, Operations, Maintenance etc.) HAZOP study team has the task of deciding what elements are applicable and then deciding what deviations are credible for each element.

Example of guideword/element matrix for process example

Guidewords (columns): No, More, Less, Rev., Part of, As well as, Where else, Early/late, Other
Element (parameter) (rows): Tank A Level, Tank A Comp, Flow in pipe, Temp in pipe, Pressure in pipe
[Matrix of X marks; the column positions of the marks are not recoverable]

[Diagram: study begins at Level; parameter labels Level, Flow, Control, Temperature, Composition, Speed, Reaction]

1: Tank A empty ==> No delivery ==> Pump runs dry/damaged ==> Gas flows from B to A to atmosphere

Examples of Element First Examination Method

Part: Transfer of acid from A to B    Element: Tank A    Parameter: Level
Deviation: NONE                       Meaning/effect: Tank is empty
Is it possible: YES

Causes                 1: No supply      2: Extraction exceeds inflow                 3:
How often?             Monthly           Monthly
Consequences           1: No transfer    2: Pump damage
Severity               Nil               Moderate + loss of production
Safeguards             Operational       None
Acceptable risk        N/A               NO
What should be done                      Low level detection and interlock on pump
Action                                   Specify safety trip. Process and Instrument engineers.

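The guideword and element combination from "Creating Deviations" and the question sequence from "Causes and consequences", applied to the Tank A worksheet above, as an added example that is not part of the original slides. The `Row` field names, the function names and the "Transfer pipe" element are assumptions of this example; the guideword lists are four rows of the derived guidewords table.

```python
from dataclasses import dataclass
from typing import Optional

# Parameter -> guidewords giving a meaningful combination (four rows of the table above).
DERIVED_GUIDEWORDS = {
    "Flow": ["none", "more of", "less of", "reverse", "elsewhere", "as well as"],
    "Temperature": ["higher", "lower"],
    "Pressure": ["higher", "lower", "reverse"],
    "Level": ["none", "higher", "lower"],
}

@dataclass
class Row:
    """One worksheet row; the field names are this example's, not a standard schema."""
    element: str
    parameter: str
    guideword: str
    possible: Optional[bool] = None   # None = the team has not examined it yet
    causes: tuple = ()
    consequences: tuple = ()          # recorded as if no safeguards existed
    acceptable: Optional[bool] = None
    action: str = ""
    owner: str = ""

def candidate_deviations(elements):
    """Guideword + element -> possible deviation, for every (element, parameter) pair."""
    return [Row(e, p, g) for e, p in elements for g in DERIVED_GUIDEWORDS[p]]

def open_items(row):
    """Worksheet questions still unanswered for one row, in the order they are asked."""
    if row.possible is None:
        return ["is it possible?"]
    if not row.possible:              # not credible: nothing further to record
        return []
    missing = [q for q, v in (("causes", row.causes), ("consequences", row.consequences)) if not v]
    if row.acceptable is None:
        missing.append("acceptable risk?")
    elif not row.acceptable:          # unacceptable risk needs an action and an owner
        missing += [q for q, v in (("action", row.action), ("by whom", row.owner)) if not v]
    return missing

# Constructed input: two elements of the acid transfer from Tank A to B.
rows = candidate_deviations([("Tank A", "Level"), ("Transfer pipe", "Flow")])
r = rows[0]                           # Tank A / Level / none, cause 2 of the worksheet
r.possible, r.causes, r.consequences = True, ("Extraction exceeds inflow",), ("Pump damage",)
r.acceptable, r.action = False, "Low level detection and interlock on pump"
# The owner is left blank on purpose, so this row is reported as not yet closed.
for row in rows:
    print(row.element, row.parameter, row.guideword, open_items(row))
```

Rows that report an empty list are either closed out or were judged not credible; every other row names the question the team still has to answer.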
Causes of Deviations

The cause of a deviation will nearly always be due to a failure of some kind:

* Hardware: Equipment, piping, instrumentation, design, construction, materials
* Software: Procedures, instructions, specifications
* Human: Management, operators, maintenance
* External: Services (steam, power), natural (rain, freezing), sabotage.

Evaluating EUC Risks

* Safeguards will probably be in place ...
* How do we describe the risks?
* Pretend there are no safeguards
  * Identify deviations and causes
  * Identify consequences, again without protection.
* Recognize the protection measures provided (describe the safeguards)
* Decide if the protection measures are good enough.

Hazard Study 4 - Purpose

Reservation review verifying that the provisions in all previous studies are fully implemented and that the installation has been implemented as per the design intent

Key Aspects

* Hazard review after construction is substantially completed but before hazardous materials are introduced to the plant
* Check that equipment and installation is as per design intent
* Check that previous HAZOP Study actions are closed out
* Emergency Plan and Operating and maintenance instructions/procedures have been handed over and are in place
* Safety manual handed over
* Staff training and competency assessments are complete

Hazard Study 5 - Purpose

Safety, Health and Environmental audit of constructed plant before introducing hazardous materials, to provide an opportunity for those responsible for personal safety, employee health and environmental protection on the site to satisfy themselves that the detailed implementation of the project meets the company, statutory and legislative requirements.

Key Aspects

* Hazard Review to ensure that safety, health and environmental management systems and procedures are in place
* Process Safety Indicators have been identified and added to SMS
* SIFs have been added to Site Risk Control Systems
* Emergency Plan and Operating and maintenance instructions/procedures have been handed over, are in place and are operational

Hazard Study 6 - Purpose

Ongoing review throughout the plant lifetime to confirm that the design has been fulfilled with respect to SHE aspects and to compare plant operational experience with assumptions made in hazard studies. First review will include confirmation that all documentation is available and in place.

Key Aspects

* First review 6-12 months after plant operation
* Validation that all documentation has been updated
* Modifications made during commissioning and start up have not altered the risk profile
* Validation of compliance to conditions of consent
* Validation of employee occupational health monitoring

HAZOP Examples

Example of a safeguard in place: Boiler drum level

[Diagram: boiler drum with labels Boiler, Steam, Drum, Feed water]

Worksheet Example for Drum Level Hazard

Part: Boiler feedwater to drum    Element: Drum    Parameter: Level
Deviation: LESS                   Meaning/effect: Drum level runs very low or empty
Is it possible: YES

Causes                 1: Loss of feedwater supply          2: Instrument fault, sensor reads high           3: Control valve fails shut
How often?             1 per yr                             0.2 per yr                                       0.1/yr
Consequences           1: Boiler tubes overheat and rupture
Severity               Severe. Risk of injuries             Severe: Damage to boiler
Safeguards             Low feedwater pressure alarm         Low level trip system
Acceptable risk        subject to satisfactory assessment
What should be done    Risk assessment to check safeguard performance
Action                 Prepare safety requirements spec.    Determine target SIL rating of trip and alarm

Complementary Hazard Study Techniques

* Mechanical Plant, Instrumentation and Machines — FMEA, FMECA & FMEDA
* Electrical systems — E-HAZOP / Sneak Analysis
* Control systems - CHAZOP
* Alarm systems — Alarm Review — EEMUA 191
* Operation & Maintenance Tasks — Hierarchical Task Analysis
* Human HAZOP - Predictive Human Error Analysis (PHEA)